PT-2024-22787 · Collabora · Collabora Online

David Miller · Published 2024-04-04 · Updated 2025-09-23 · CVE-2024-29182

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Collabora Online versions prior to 23.05.10.1

Description: A stored cross-site scripting issue was found in Collabora Online, a collaborative online office suite based on LibreOffice. An attacker could create a document with an XSS payload in document text referenced by a field, which, if hovered over to produce a tooltip, could be executed by the user's browser.

Recommendations: For versions prior to 23.05.10.1, upgrade to Collabora Online 23.05.10.1 or higher to resolve the issue. As a temporary workaround, consider restricting the use of tooltips in documents to minimize the risk of exploitation.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-29182
GHSA-9GMW-5Q2C-4398

Affected Products

Collabora Online